CVE-2023-37404 – IBM Observability with Instana code execution
https://notcve.org/view.php?id=CVE-2023-37404
IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.
• https://exchange.xforce.ibmcloud.com/vulnerabilities/259789
• https://www.ibm.com/support/pages/node/7041863
CVE-2023-27290 – IBM Observability with Instana missing authentication
https://notcve.org/view.php?id=CVE-2023-27290
Docker-based datastores for IBM Instana (IBM Observability with Instana 239-0 through 239-2, 241-0 through 241-2, and 243-0) do not currently require authentication. Due to this, an attacker within the network could access the datastores with read/write access. IBM X-Force ID: 248737. Docker-based datastores for IBM Instana versions 239-0 through 239-2, 241-0 through 241-2, and 243-0 suffer from a missing authentication vulnerability.
• https://www.exploit-db.com/exploits/51314
• http://packetstormsecurity.com/files/171770/IBM-Instana-243-0-Missing-Authentication.html
• https://exchange.xforce.ibmcloud.com/vulnerabilities/248737
• https://www.ibm.com/support/pages/node/6959969
• CWE-306: Missing Authentication for Critical Function